FTA:
What changes with the return of Chat Control 1.0—and what stays the same:
*What is coming back:* US tech companies are once again allowed to scan private messages without a warrant or prior suspicion. This affects direct messages on platforms like Instagram, Discord, Snapchat, Skype, and Xbox, as well as emails via Google’s Gmail and Apple’s iCloud.
*What remains unchanged:* Public social media posts and files hosted in cloud storage could already be scanned without this law. Furthermore, private messages can always be reported by users, or monitored by authorities using targeted, court-ordered wiretapping.
*What is still NOT being scanned:* End-to-end encrypted chats, such as those on WhatsApp, have always been exempt from these scans. Additionally, European providers of messaging and email services have never implemented chat control measures.
So, E2E is unaffected?
Instead of solving real problems, the EU Parliament supports the globalists' agenda for privacy and human rights violations — our fundamental rights
Roberta Metsola's actions this week jeopardise the legitimacy of the EU project as a whole.
It's clear that member countries use the EU as a blame-laundering mechanism to pass domestically unpopular laws, but the forcing of this vote under the urgency procedure that requires absolute majority to reject, on the last EP session before summer break is so blatant that it might awaken people that might've overlooked the structural failures of the EU and finally radicalise them
EDIT: bad wording, it's not that the urgency procedure causes the voting to require absolute majority, it's that an absolute majority second-reading is forced through an emergency procedure which is designed for first readings of legislation that's the implied meaning above
Stupid parliamentary trick: Hold the vote on the day before the summer break - ensuring that many people have already returned to their home countries. Then use a sort of "reverse" parliamentary trick: the default is that this legislation is accepted. They needed an absolute majority - not of voting members, but of all members - to reject it.
Result: 314 against, 276 in favor, 17 abstentions, 113 absent
The EU is well on the way to becoming a totalitarian government.
ETA: It is shocking that 276 members of parliament would vote to support this. Are so many so naive? Or being paid off?
I don't want to hear about the EU's "strong digital privacy" laws and protections ever again.
(Based on https://www.euronews.com/my-europe/2026/07/07/eu-to-extend-t... and https://www.euractiv.com/news/how-the-epp-pushed-the-chat-sc... as well as the stuff in the link).
Here's a quote from the article itself, which works for both pro and con arguments:
"What is still NOT being scanned: End-to-end encrypted chats, such as those on WhatsApp, have always been exempt from these scans. Additionally, European providers of messaging and email services have never implemented chat control measures."
As I'm not trained in law, I have no strong opinions on if this proposal is a net positive or negative, almost any big name LLM will do a better job than I can manage by looking at the legal text, stroking my goatee and saying "I recon…". But what I can say that I've just seen a headline about a class action lawsuit in the USA due to grok making CSAM and the company failing to assist the police in their investigations, and another about Meta facing a lawsuit in India for delivering advertising for CSAM on Instagram.My steelman in favour of the legislation:
The regulation closes a legal gap that would otherwise force platforms to stop using existing CSAM detection systems; it's a temporary framework that doesn't require universal mandatory scanning or ban E2EE, just keeps the legal basis for companies which choose to use detection/scanners while lawmakers continue negotiating a more comprehensive longterm solution.
My steelman against the legislation:
Scanning private communications, even allowing companies to "voluntary" do this, sets the precedent that the confidentiality of private correspondence is conditional rather than fundamental. Also, automated scanning inevitably has false positives. Also, has chilling effect on free speech, undermines trust in encrypted messaging.
Also, situationally, that it's "voluntary" means offenders can migrate to platforms which don't "voluntarily" do this.
This, and other similar legislation, serve as a constant reminder of why the American founding fathers had to revolt against tyranny, and why constitution amendments like the 1st and 4th exist. The 4th in particular was written as a response to a British law similar to Chat Control (writs of assistance).
This article seems to make good points about how useless and invasive Chat Control 1.0 is, but then posits Chat Control 2.0 as the answer. Is the latter not also terrible for privacy, demanding backdoors in all encrypted chat tech?
Every day I grow less enamoured with the EU project. More and more, the laws and regulations imposed upon citizens are hostile.
> Although a majority of voting Members of the European Parliament (MEPs) actually opposed the regulation (314 against, 276 in favor, 17 abstentions), the motion to reject it failed to secure the required absolute majority of 361 votes.
This vote was urgently scheduled for today, the last day of parliament before the summer break. 113 MEPs were not present for this vote, likely having taken vacation days to extend their break. It's hard to believe choosing to do the vote today was done accidentally.
One thing that should be noted is that, since the Parliament has been able to approve an amendment by absolute majority (which explicitly excludes E2E chats), the procedure is not over and the law is still not enacted, a third reading is still needed, after negotiations with the Council and the Commission, and in this case the Parliament will be able to reject the act by a simple majority
From Google: "The law seeks to require digital platforms and messaging services (like WhatsApp and Gmail) to automatically scan users' private messages, emails, and photos to detect and report illegal content"
-- EU policy makers are really honest people, hats off to them. There's no way politicians in my country allow their chats to be scanned, because they're very corrupt.
The defence against this is widespread truly peer to peer messaging services, where there is no company at the middle to tell you add backdoors.
Who is working on that? I suspect the main challenge is not technical, but human - persuading users to switch messenger apps is almost impossible.
Maybe a dumb question, but what's to stop people from communicating e2e encrypted over totally insecure channels using steganography techniques?
You don't need a special app to do this, or maybe you just need a companion app that you type your message into and it gives you the thing you just paste into whatever messaging app / social media you use. The steganography makes it hard for the operator to determine that you're "abusing" the service by not transmitting your message in the clear so they can read it.
1) Alice uses steganography to embed her public key in an otherwise innocent or mundane looking image e.g their profile picture.
2) Bob uses the public key to encrypt a short message to send her.
3) Bob embeds the encrypted message in his own mundane looking image (could generate these from a pool of images or on the fly using stable diffusion)
4) Bob sends the image to Alice.
5) Alice recovers the encrypted message and decrypts using her private key.
(Could also use the process to do key encapsulation too, instead of using the raw key pair)
There are at least two options to verify age without humiliating procedure of taking a selfie with a passport like a porn actor.
First, there are USB tokens that can hold a private key and sign messages. Such tokens could be sold at places accessible only to adults and verify that they are indeed adult. Obviously every token should hold the same private key.
Second, OS could implement "parent mode" which allows installing only white-listed, government approved apps (no Telegram or Whatsapp or other dangerous apps, but school apps are ok) and opening only white-listed government-approved websites. Put in jail the parents who did not set up a parent mode. Problem solved without passports and verifications.
If, however, the government insists on selfies, it means they just want to identify users and compile lists of "untrustworthy", "rebelious" and other persons of interest.
Also, employees who do verification, sometimes create internal chats where they post pictures of clients and mock their appearance. We had such case with Alfa-Bank in Russia, where the photo of a funny client with a passport and third-grader level comments leaked to Instagram account of employee's friend. The bank paid approximately $20 as a compensation.
EPP is a corrupt, authoritarian regime that will hopefully not last long. It is not a coincidence the union took a massive, noticeable turn for the worse in 2019 -- the von der Leyen presidencies have done immeasurable damage it will never recover from. They have also been complicit in crime and corruption from Bulgaria, Serbia and Hungary, for years, and that is even if you exclude the Pfizer disaster nobody was held responsible for. They are giving the opposing parties ammunition they need to take them and the dream of a stronger union down, and the only way they can fight back is banning those parties outright, one of which voted completely against this utterly insane, already repeatedly rejected mass scanning. It's hard to think of the union as anything positive when this is the direction it is taking.
> apps that are safe by design for children
How do we design such apps? Let's rule out age attestation (to allow only some age ranges) or scan of content because they are orthogonal to apps. What are the design patterns that prevent adults to meet kids? No messaging?
If the EU just were to redirect the resources they're currently allocating to regulations like AI and Chat Control rather towards developing a genuinely competitive OpenAI or Anthropic alternative …
List of votes per MEP: https://howtheyvote.eu/votes/195775
Is there an EICAR file equivalent for CSAM? it seems like I'm going to busy preparing a mass messaging/mailing campaign to EU law makers
I mean, even the victims themselves came out and explicitly emphasized that scanning chat messages does not help.
I'm feeling these politicians was not doing it for the victims. Instead, it's almost like the victims are providing reasons to allow the politicians to expand their own power.
The Accelerationism (see note below) part of me think it's a good thing, because a heavily regulated country is often also a backward country. Doing things like this long enough, then you get out competed by everyone else, your population shrinks to zero and your land gets reused.
(Note: The word "Accelerationism" in the Chinese dissidents circle means that, if a bad future is certain and it trends to destroy itself eventually, we might as well just let it happen faster, so the pain maybe shorter. More: https://en.wikipedia.org/wiki/Accelerator-in-Chief)
Look, EU obviously have a few good regulations. But a regulation must be correctly designed and implemented, and it must not punish good people. Scanning private messages is a punishment to all.
If EU must scan something, I'd say scanning all messages/phone calls sent out by the politicians might do more good, consider how much trust people put on them (maybe they shouldn't).
I want to like the EU. In many ways I do. They're making it really easy to not like them.
All for a safe and secure society.
This is a very disappointing news. It weakens democracy and makes the EU hypocrite.
Why should one care about GDPR or some privacy shield thingy when this is going through ?
Great, so even if something is repeatedly voted down and doesn't get enough votes it can still pass.
It's a joke. The system is hacked.
So much effort and emotions wasted. EU should have a mechanism that disallows repeatedly pushing for things until they are greenlit. Lack of this type of measure renders whole governance incapable of being taken seriously.
Once you realise the age group that are in that bracket of european law making you realise it's gen X AKA the helicopter parent generation and it all becomes less shocking.
Rest assured, someone is already working on circumventing this. Necessity is the mother on invention.
The lobbyists won this round.
So, private companies can't track you, but the people with the state's monopoly on violence (which very much exists in the EU member nations) can?
Is there any sort of warrant needed for accessing this sort of information on devices?
Majority AGAINST, passes anyway:
314 against, 276 in favor, 17 abstentions
In case anyone wants to know: stopping it would have required 361 against.
I'm curious where I can go to see real regularpeople who support this, is there like a different side of reddit, comments section? I don't know anyone who is blatantly anti-privacy and I want to hear their reasoning. Otherwise this just seems to be the EU rolling into a weird distributed autocracy without anyone blinking an eye.
What can we do to try and stop this?
free healthcare o algo
To hell with children. Create a separate internet for them, no ICANN access unless they are parent-supervised until they hit 13 or so.
I do not believe solutions to these issues will be found with government regulators. I believe they can be enabled by new technology that is designed to balance interests on all sides and actually enforce the guarantees IN CODE AND PROTOCOLS.
Having said that, I don’t think the tech industry is what it once was, dominated by cypherpunks working to create a better world. It has been captured by greed and “moving fast and breaking things”, as well as infighting. Greed (both in the form of web3 numbers go up, and benefiting from the greater fool while delivering no utility) and moving fast (web2 facebook / VC / dump shares on the public / lock in / extract rents). So no wonder the government eventually steps in, when the industry spends a decade without adults steering the ship. We have giant platforms controlling everything, and the rest has devolved into zero sum games and memecoins. The tech industry hasn’t led or even organized enough to get behind technology that can liberate users. Instead it’s been captured by for-profit interests. Mozilla and Apache are rounding errors.
Here is what open source can do when it comes to mass surveillance, and this would also solve the Flock problem here in the States, too:
https://community.qbix.com/t/balancing-privacy-and-accountab...
More broadly, here is what needs to be done across the board:
Really the west is currently at the wrong side of history. With the US bombing and killing hundreds of thousands of civilians in the last decade. Europe with its hypocrite stance in literally everything. Slowly the west is becoming a much less free place to live than a Russia. And propoganda in the west makes people think they are free. It's bullshit. They are not free. You got more freedom to move around, start businesses, own stuff in China and Russia than in any western European country.
> In these talks, the EU Parliament is pushing for a paradigm shift in how we approach online child safety, demanding: [..] Strict security standards for messaging apps (“Security by Design”) to prevent cyber grooming.
It's dispiriting to see a supposedly pro-privacy politician launder backdoors as "strict security standards".
what are the actual consequences of that? they can read any Whatsapp encrypted chat? What changes?
Related:
Chat Control 1.0 and 2.0 Explained
https://news.ycombinator.com/item?id=48818311
Chat Control passed first round in EU Parliament
This might get this control out, but people's anti-EU stance will just be increased by this and long-term this is a terrible move.
Just fueling material for right wingers who will take advantage of this and push for secessionist stuff.
EU is in dire need to have VERY POPULAR measures among people, not idiotic stuff like this which is a step in a wrong direction.
I'm honestly confused about why this is on topic for HN.
https://news.ycombinator.com/newsguidelines.html
> Please don't use Hacker News for political or ideological battle. It tramples curiosity.
Don't get me wrong, I feel a desire to engage with this as well, but there is nothing I can possibly say about this that is not political, because this is purely a political choice.
Brought to you - as always - by the Conservatives. Conservatism is just fascism with a slightly nicer image.
And so, step by step, in the name of child protection and similar excuses, we lose liberties and rights one by one.
Welcome to the Brave New 1984 We World. Big Brother loves us.
We are living through the time best described by Zamyatin, Orwell, and Huxley.
[flagged]
[dead]
This is a nice piece of democracy right here:
"a measure it had rejected twice in March. Although a majority of voting Members of the European Parliament (MEPs) actually opposed the regulation (314 against, 276 in favor, 17 abstentions), the motion to reject it failed to secure the required absolute majority of 361 votes. As a result, mass scanning is now permitted again until 2028."
"Oh no we can't get a majority to pass the law!"
"Have you tried getting a majority to not pass the law?"
"Worth a shot!"
"It worked, should we also do this multiple times?"
"Of course not! Pass the law, quickly!"